This patent specification describes not only various ideas and functions, but also their creative expression. A portion of the disclosure of this patent document therefore contains material to which a claim for copyright is made and notice is hereby given: Copyright Silicon Safe Limited 2013 and 2014 (pursuant to 17 U.S.C. 401). A claim to copyright protection is made to all protectable expression associated with the embodiments of the invention illustrated and described in this patent application.
The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. No express or implied licence under any copyright whatsoever is therefore granted.
The need for the secure storage of confidential data arises for example, when it is necessary to store computer passwords. A password is a secret word or string of numbers and or characters that is used to prove identity to gain access to a computer or resource. The password should be kept secret from those not allowed access and must therefore be stored in a secure data store. This store is conventionally a password file that is intended to be accessed by an authentication system but nobody else.
Password files are a honey-pot for computer hackers to target, which if not secured properly, can leave a computer or network vulnerable to compromise. At the present time, one of the most common forms of cyber-attack in the commercial world is to steal password files. Typically, a web site is infiltrated over the internet (or via a Worm or Trojan horse program installed inside the network) by exploiting known vulnerabilities and the password file is stolen. Passwords are then used for a variety of mischievous and criminal activities.
Loss of password files not only causes huge inconvenience to both organisations and individual users (as users are required to reset their passwords) but also raises questions about the systems vulnerability in the future, because of uncertainties as to what extent users have indeed used fresh passwords (e.g. a user who's password was jjj5 may simply change it to jjj6).
In addition there is a significant issue of collateral damage to the security of other systems because of user's tendencies to use few distinct passwords across different systems from social media web sites to online shopping web sites. Moreover, a problem of password file theft is that although one sometimes knows when it has happened, one cannot be certain that it hasn't happened. As a consequence the first time one might discover it has taken place is at the point of a massive compromise of the system.
A person of ordinary skill in the art will be aware of various prior art methods to secure password files and their contents including the most common of these which is saving an encoded version of the original plain-text password called a password hash, or saving the hash of a salted password.
Unfortunately the development of hash chains and rainbow tables, which are methods of decoding an encoded password back to their original plain-text, have made both of these measures inadequate. It is therefore essential that the password store itself cannot be compromised or stolen in the first place.
The present invention addresses the above vulnerabilities and also other problems not described above.